For example, the user shell or GUI may have access to do anything he wants with his home directory but if he runs a mail client the client may not be able to access different parts of the home directory, such as his ssh keys. With SELinux an administrator can differentiate a user from the applications a user runs. Mandatory access controls allow an administrator of a system to define how applications and users can access different resources such as files, devices, networks and inter-process communication. SELinux is an implementation of mandatory access controls (MAC) on Linux. 3 Do I have to write policies to use SELinux?.
0 Comments
Leave a Reply. |